Dear All, I need help with dot1x implementation in an Enterprise LAN. Our target is to authenticate and authorize users based on their identities (domain user names) as well as applying GPOs on users.
Our authentication Backend is: Active Directory Our Authorization & Accounting is done by: freeRADIUS Authorization Attributes control VLAN assignment (hence, IP address pool) Required Authentication EAP-Type : PEAP & MS-CHAP All Clients are using WinXP supplicant. I managed to implement PEAP&MS-CHAP with this setup however with users who have cached credentials on their PCs. If the user logs on the PC for the first time, he fails to reach the active directory to authenticate since the connection is not yet authorized. So what I need is get the computer authenticated and assigned an IP address and then authenticate the user in a following phase while the connection is up. Any clues with authenticating domain machines using freeradius and active directory implementation?
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html